[Owasp-testing] Testing Guide V4: Stop writing, start the review

Lovelace, Sunni SLovelace at geico.com
Fri Apr 18 16:27:45 UTC 2014


Thanks.



From: Samantha Groves [mailto:samantha.groves at owasp.org]
Sent: Friday, April 18, 2014 11:59 AM
To: Matteo Meucci
Cc: Lovelace, Sunni; Jim Manico; owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] Testing Guide V4: Stop writing, start the review

End of August is when the project should end, but I believe we will finish earlier as Joan and Hugo are on the last bits of the work. Thank you for the feedback on the covers, Matteo. :-)

On Fri, Apr 18, 2014 at 6:12 AM, Matteo Meucci <matteo.meucci at owasp.org> wrote:
We are under final review.

Samantha, do we have a final date for the release?

Thanks,
Mat



On 04/18/2014 03:10 PM, Lovelace, Sunni wrote:
> Is there a release date for Testing Guide V4?
>
>
>
> -----Original Message-----
> From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Jim Manico
> Sent: Tuesday, April 01, 2014 5:13 PM
> To: Matteo Meucci; owasp-testing at lists.owasp.org
> Subject: Re: [Owasp-testing] Testing Guide V4: Stop writing, start the review
>
> Wow, very exciting. :) I'm thrilled to see this close to getting released!
>
> Aloha,
> Jim
>
> On 4/1/14, 10:47 AM, Matteo Meucci wrote:
>> Hi all,
>> the reviewing phase is finished.
>> Some reviewers did the review, but it is not complete.
>>
>> Please, if you have reviews to add to the wiki, do it now.
>>
>> In the next days we will start the last phase of the project.
>>
>> Thanks!
>> Mat
>>
>> On 04/01/2014 04:03 PM, Mitchell, Rick (6030318) wrote:
>>> I had some time to tackle more review this morning. I only made it through the first few sections; here are some notes:
>>>
>>> Testing: Conduct search engine discovery/reconnaissance for
>>> information leakage (OTG-INFO-001)
>>> * Lead-in paragraph indicates: "Indirect methods relate to gleaning sensitive design and configuration information by searching forums, newsgroups and tendering websites." Yet no such information is covered in the entry. IMHO either this article needs to be beefed up or the statement should be removed.
>>> * Made minor corrections related to punctuation (addition of Oxford commas and some missing periods, as well as borders on images).
>>>
>>> Fingerprint Web Server (OTG-INFO-002)
>>> * Minor updates, grammar and content.
>>> * Makes me wonder if we have a style guide? Are we supposed to be using Title Caps for section naming?
>>>
>>> Testing: Review Webserver Metafiles for Information Leakage
>>> (OTG-INFO-003)
>>> * Reference links in this article are confusing. For example: [1] in the "Summary" section is not the same as [1] in the "How to Test" section...
>>> * Minor updates, grammar and content.
>>>
>>> Rick
>>>
>>>
>>> -----Original Message-----
>>> From: owasp-testing-bounces at lists.owasp.org
>>> [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Matteo Meucci
>>> Sent: Saturday, March 08, 2014 6:25 PM
>>> To: owasp-testing at lists.owasp.org
>>> Cc: Andrew Muller; Davide Danelon
>>> Subject: [Owasp-testing] Testing Guide V4: Stop writing, start the
>>> review
>>>
>>> Dear OWASP Testing Guide followers,
>>> thanks to David who did the last rush, we have closed the Testing
>>> Guide Project's first phase!
>>> Many thanks to all the contributors!
>>>
>>> All the articles are closed now.
>>> Now it is time for the reviewers.
>>>
>>> You can see the status here:
>>> https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AmEhPtZ0cHq3dDc5ZFI0Nm9oSkhzNkNxTzNJbGdPdVE#gid=0
>>>
>>> Now the ToC is definitive:
>>> https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
>>>
>>> We deleted many items and 3 chapters:
>>> - Web Services Testing (not completed at all, it's better to have a
>>> separate guide on this)
>>> - Logging (not in scope of the wapt)
>>> - Denial of Service (not in scope of the wapt)
>>>
>>> Now we have split the set of active tests into 12 sub-categories for a
>>> total of 91 controls:
>>> - Information Gathering
>>> - Configuration and Deploy Management Testing
>>> - Identity Management Testing
>>> - Authentication Testing
>>> - Authorization Testing
>>> - Session Management Testing
>>> - Data Validation Testing
>>> - Error Handling
>>> - Cryptography
>>> - Logging
>>> - Business Logic Testing
>>> - Client Side Testing
>>>
>>> NEXT STEP:
>>> We'll contact all the proposed reviewers asking them to review the
>>> Guide in the next 2 weeks:
>>>> Paolo Perego
>>>> Daniel Cuthbert
>>>> Matthew Churcher
>>>> Lode Vanstechelman
>>>> Sebastien Gioria
>>>> Antonio Fontes
>>> Any others that want to help? Please answer only if you can review
>>> the guide in the next days.
>>>
>>> Deadline: end of March 2014
>>>
>>> Thanks!
>>> Mat & Andrew
>>>
>>> --
>>> Matteo Meucci
>>> OWASP Testing Guide co-Lead
>>> OWASP Italy President
>>>
>>>
>>> _______________________________________________
>>> Owasp-testing mailing list
>>> Owasp-testing at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>>
>
> ====================
> This email/fax message is for the sole use of the intended
> recipient(s) and may contain confidential and privileged information.
> Any unauthorized review, use, disclosure or distribution of this
> email/fax is prohibited. If you are not the intended recipient, please
> destroy all paper and electronic copies of the original message.
>

--
Matteo Meucci
OWASP Testing Guide Lead
OWASP Italy President



--

Samantha Groves, MBA
OWASP Projects Manager

The OWASP Foundation
Phoenix, USA

Email: samantha.groves at owasp.org
Skype: samanthahz


